Use STS for temporary access authorization

OSS supports Alibaba Cloud Security Token Service (STS) for temporary access authorization. STS is a web service that provides a temporary access token to a cloud computing user. Through the STS, you can assign a third-party application or a RAM user (you can manage the user ID) an access credential with a custom validity period and permissions. For more information about STS, see STS introduction.

STS advantages:

Your long-term key (AccessKey) is not exposed to a third-party application. You only need to generate an access token and send the access token to the third-party application. You can customize access permissions and the validity of this token.

You do not need to keep track of permission revocation issues. The access token automatically becomes invalid when it expires.